Announcements:
ISACA Opens Grandfathering Program for New CRISC Certification
Rolling Meadows, IL, USA (1 April 2010)—Professionals with eight or more years of IT and business experience can now apply for ISACA’s new Certified in Risk and Information Systems Control (CRISC) designation—without taking an exam—under a grandfathering program. The program, which opened today, is designed to recognize professionals who are highly experienced in the following domains:
· Risk identification, assessment and evaluation
· Risk response
· Risk monitoring
· IS control design and implementation
· IS control monitoring and maintenance
To earn the CRISC (pronounced “see risk”) credential through the grandfathering program, candidates must prove that at least six of the eight years of experience included specific experience performing the responsibilities across all of the five domains. They must also prove at least three years of experience in risk identification, assessment, evaluation, response and monitoring. Candidates must complete an application at www.isaca.org/crisc and submit an application fee.
The grandfathering program will run from April 2010 through March 2011. The first CRISC exam will be administered in 2011.
“Enterprises around the world are rapidly realizing the importance of monitoring, controlling and benefiting from risk-related activities. The CRISC designation helps provide assurance to employers that professionals who earn it are experienced in identifying and evaluating the risks unique to their specific organization,” said Urs Fischer, chair of ISACA’s CRISC Task Force. “Earning CRISC also helps risk and control professionals demonstrate that they have the proven ability to design, implement, monitor and maintain effective risk-based information systems controls.”
ISACA, a global association of 86,000 IT governance, security, risk and assurance professionals, also administers three other certifications:
· Certified Information Systems Auditor (CISA), earned by 75,000 professionals since it was established in 1978
· Certified Information Security Manager (CISM), earned by 13,000 professionals since its inception in 2002
· Certified in the Governance of Enterprise IT (CGEIT), earned by more than 4,000 professionals since 2007
CRISC complements ISACA’s existing certifications:
· CISA is designed for IT professionals who perform independent reviews of control design and operational effectiveness; CRISC is for IT and business professionals who identify and manage risk, and design, implement and maintain IS controls.
· CISM is for individuals who manage, design, oversee and/or assess an enterprise’s information security, including the identification and management of information security risks; CRISC is for IT professionals whose roles also encompass operational and compliance considerations.
· CGEIT is for IT and business professionals who have a significant management, advisory or assurance role relating to the governance of IT, including risk management; CRISC is for IT and business professionals who identify, evaluate and monitor risk and are engaged at an operational level to mitigate risk.
Additional information about ISACA certifications is available at www.isaca.org/certification.
ISACA® Announces New CRISC™ Certification for Risk Professionals
Rolling Meadows, IL, USA (13 January 2010)—ISACA, a global association of 86,000 IT audit, risk, governance and security professionals, is responding to market demand by introducing a new risk-related certification. The Certified in Risk and Information Systems Control (CRISC™) designation is for IT professionals who identify and manage risks through the development, implementation and maintenance of information systems (IS) controls. These professionals help enterprises accomplish business objectives such as effective and efficient operations, reliable financial reporting, and compliance with regulatory requirements.
A grandfathering program, through which experienced professionals can earn the certification without passing an exam, will open in April. The first CRISC exam will be administered in 2011.
ISACA established CRISC (pronounced “see risk”) to recognize IT professionals with skills and abilities related to:
· Risk identification, assessment and evaluation
· Risk response
· Risk monitoring
· IS control design and implementation
· IS control monitoring and maintenance
“The CRISC designation will demonstrate to employers that the certification holder is able to identify and evaluate the risks unique to a specific organization and help the enterprise accomplish its business objectives by designing, implementing, monitoring and maintaining risk-based, efficient and effective IS controls,” said Urs Fischer, chair of ISACA’s CRISC Task Force. “We conducted an extensive amount of research globally and found that enterprises are becoming more risk-aware and are looking to identify professionals who possess the skills to help them protect their assets and enhance their businesses. CRISC fills a gap that currently exists in the marketplace.”
CRISC complements ISACA’s three existing certifications: Certified Information Systems Auditor (CISA), established in 1978 and earned by more than 70,000 professionals since its inception; Certified Information Security Manager (CISM), earned by more than 12,000 professionals since it was launched in 2002; and the newer Certified in the Governance of Enterprise IT (CGEIT), earned by more than 4,000 professionals since it was developed in 2006:
· CISA is designed for IT professionals who perform independent reviews of control design and operational effectiveness; CRISC is for IT and business professionals who identify, evaluate and manage risk, and design, implement and maintain IS controls.
· CISM is for individuals who manage, design, oversee and/or assess an enterprise’s information security, including the identification and management of information security risks; CRISC is for IT professionals whose roles also encompass operational and compliance considerations.
· CGEIT is for IT and business professionals who have a significant management, advisory or assurance role relating to the governance of IT, including risk management; CRISC is for IT and business professionals who are engaged at an operational level to mitigate risk.
Additional information about the CRISC certification is available at www.isaca.org/crisc.
ISACA® International would like to provide you with a brief update on three key CISA®, CISM® and CGEIT® initiatives.
1) Grandfathering Extension: Due to the overwhelming demand for the CGEIT certification, the CGEIT Certification Board has extended the application deadline for certifications under the grandfathering provision to 31 December 2008. Prior to the grandfathering application deadline, ISACA will offer the first CGEIT exam on 13 December 2008. Registration for the June 2009 exam will open in December 2008. CGEIT exams will be offered at the same time and locations as the CISA and CISM certification exams.
2) New Pins: New certification pins have been designed for CISA, CISM and CGEIT credential holders. These pins will be mailed to individuals when they are first certified, along with their congratulatory letter, designation certificate and CPE policy. Current credential holders will receive a new pin along with their new certificate as they complete their current 3-year certification cycle.
3) Change to Pin Distribution: In the past, ISACA has sent pins in bulk to chapters, and many chapters held recognition events for newly certified members. Although recognition events are welcome and encouraged, not all certified constituents were receiving pins. For this reason, all pins will now be mailed to the certified individuals directly by ISACA International Headquarters. By sending pins directly to the certification holders, we can better ensure that all CISAs, CISMs and CGEITs receive a pin.
CISA Certification
The Certified Information Systems Auditor® (CISA®) program is designed to assess and certify individuals in the IS audit, control and security profession who demonstrate exceptional skill and judgment. CISA has grown to be globally recognized and adopted worldwide as a symbol of achievement. More than 44,000 professionals have earned the CISA certification since inception. As the Sarbanes-Oxley Act becomes effective in the United States, the value of CISA has increased dramatically due to the increasing demand for IS audit skills and knowledge in external audits, internal audits and IT governance. For more information on becoming a CISA, see www.isaca.org.
CISM Certification
The Certified Information Security Manager® (CISM®) certification program is developed specifically for experienced information security managers and those who have information security management responsibilities. The CISM certification is for the individual who manages, designs, oversees and/or assesses an enterprise’s information security (IS). The CISM certification promotes international practices and provides executive management with assurance that those earning the designation have the required experience and knowledge to provide effective security management and consulting services. Individuals earning the CISM certification become part of an elite peer network, attaining a one-of-a-kind credential. The CISM job practice also defines a global job description for the information security manager and a method to measure existing staff or compare prospective new hires. For more information on becoming a CISM, see www.isaca.org.
Certified in the Governance of Enterprise IT™ (CGEIT™)
Overview
Boards and executive management have long understood the need for enterprise and corporate governance. As information technology (IT) has become more important to the achievement of enterprise goals and delivery of benefits, there has been an increasing realization that governance must be extended to IT as well. IT governance is an integral part of enterprise governance and consists of the leadership and organizational structures and processes that ensure that the organization's IT sustains and extends the organization's strategies and objectives.
ISACA recognized this shift in emphasis in 1998, and formed the IT Governance Institute (ITGI) to focus on original research, publications, resources and symposia on IT governance and related topics. To support and promote this significant body of work, ISACA and the ITGI are proud to offer a certification program for professionals charged with satisfying the IT governance needs of an enterprise.
Taking a lead role in the establishment and management of information technology infrastructure and processes, individuals playing a role in IT governance provide significant support to the Board of Directors and executive management. The certification program recognizes those who have the necessary level of professional knowledge, personal skills, and business experience to maximize the contribution made by information technology to an enterprise's success while managing and mitigating risks posed by IT.
This certification will benefit the individual, through recognition of their professional knowledge and competencies; skill-sets; abilities and experiences, and will enhance their professional standing. It will also add value to the enterprises they support through the demonstration of a visible commitment to excellence in IT governance practices.
The certification process has been specifically developed for professionals who have a significant management, advisory, or assurance role relating to the governance of IT. The certification promotes the advancement of professionals who wish to be recognized for their IT governance-related experience and knowledge.
The certification is also intended to:
- Support the growing business demands related to IT governance
- Increase the awareness and importance of IT governance good practices and issues
- Define the roles and responsibilities of the professionals performing IT governance work
For more information on becoming a CGEIT, click here.